If Enhanced VPC Routing is not enabled, Amazon Redshift routes traffic through the
Internet, including traffic to other services within the AWS network.

Important

Because Enhanced VPC Routing affects the way that Amazon Redshift accesses other resources,
COPY and UNLOAD commands might fail unless you configure your VPC correctly. You
must specifically create a network path between your cluster's VPC and your data
resources, as described below.

When you execute a COPY or UNLOAD command on a cluster that has Enhanced VPC Routing
enabled, your VPC routes the traffic to the specified resource using the
strictest, or most specific, network path available.

For example, you can configure the following pathways in your VPC:

VPC Endpoints – For traffic to an Amazon S3
bucket in the same region as your cluster, you can create a VPC endpoint to route
traffic directly to the bucket. When you use VPC endpoints, you can attach an
endpoint policy to manage access to Amazon S3. For more information about using endpoints
with Amazon Redshift, see Working with VPC Endpoints.

NAT gateway – To connect to an Amazon S3 bucket
in another region or to another service within the AWS network, or to access a host
instance outside the AWS network, you can configure a network address translation (NAT)
gateway.

Internet gateway – To connect to AWS
services outside your VPC, you can attach an Internet gateway to your
VPC subnet. To use an Internet gateway, your cluster must have a public IP to allow
other services to communicate with your cluster.
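
The following added example (not part of the original documentation) models how a subnet route table resolves a destination to the most specific of the pathways above, assuming the longest-prefix matching that VPC route tables use. The route table, CIDRs, IP addresses and resource IDs are constructed sample values.

```python
import ipaddress

# Constructed route table for the cluster's subnet; every CIDR and ID is sample data.
# A gateway VPC endpoint for S3 shows up as routes to the S3 prefix list's CIDRs.
ROUTES = [
    ("10.0.0.0/16", "local"),
    ("192.0.2.0/24", "vpce-EXAMPLE"),   # stand-in for a same-region S3 prefix-list CIDR
    ("0.0.0.0/0", "nat-EXAMPLE"),       # default route through a NAT gateway
]

def select_route(dest_ip, routes):
    """Return (cidr, target) of the most specific route covering dest_ip, or None."""
    ip = ipaddress.ip_address(dest_ip)
    best = None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return (str(best[0]), best[1]) if best else None

def classify(dest_ip, routes):
    """Name the pathway a COPY or UNLOAD connection to dest_ip would take."""
    hit = select_route(dest_ip, routes)
    if hit is None:
        return "no-path"  # no route: the COPY or UNLOAD fails
    target = hit[1]
    for prefix, label in (("vpce-", "vpc-endpoint"), ("nat-", "nat-gateway"),
                          ("igw-", "internet-gateway")):
        if target.startswith(prefix):
            return label
    return "local"

if __name__ == "__main__":
    cases = [
        ("same-region S3 (constructed IP)", "192.0.2.10", ROUTES),
        ("other-region S3 (constructed IP)", "198.51.100.7", ROUTES),
        ("other-region S3, no default route", "198.51.100.7", ROUTES[:2]),
    ]
    for name, ip, table in cases:
        print(f"{name:36} {ip:14} -> {classify(ip, table)}")
```

A "no-path" result corresponds to the case in the Important note above, where COPY and UNLOAD fail because no network path exists to the data resource.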

There is no additional charge for using Enhanced VPC Routing. You might incur additional
data transfer charges for certain operations, such as UNLOAD to Amazon S3 in a different
region or COPY from Amazon EMR or SSH with public IP addresses. For more information
about pricing, see Amazon EC2 Pricing.